Platform Engineer

Key Responsibilities

• Design, build, and operate Envoy and Kong gateway infrastructure supporting production traffic across multiple lines of business
• Develop Go-based control plane services, including ingress registry, xDS controllers, session management, and context propagation
• Implement and maintain OPA (Open Policy Agent) policies for gateway-level authorization
• Build and extend OpenTelemetry pipelines (OTel Collector, Dynatrace, Splunk SIEM integration)
• Manage GitOps-based deployments using ArgoCD and Helm across multi-cluster Kubernetes environments
• Automate WAF rule management across CDN platforms (Akamai, Cloudflare) using infrastructure-as-code approaches
• Contribute to internal platform tooling and dashboards (TypeScript/React) for route management and observability
• Partner with application teams to onboard services and migrate legacy ingress traffic
• Participate in incident response, runbook development, and production readiness reviews
• Promote engineering best practices including testing, code reviews, and observability-first design

Required Qualifications

• Bachelor’s or Master’s degree in Computer Science or related field (or equivalent experience)
• 8+ years of industry experience in platform, infrastructure, or backend engineering
• 5+ years of hands-on experience with:
  • Envoy Proxy (xDS/ADS, ext_authz, HTTP/2, gRPC, WebSocket) and/or
  • Kong API Gateway (plugin development, DB-less mode, Admin API)
• Strong proficiency in Go (Golang), including concurrency patterns and distributed systems design
• Deep experience with Kubernetes (EKS and/or on-prem):
  • Helm, HPA, PodDisruptionBudgets, NetworkPolicy, namespace isolation
  • GitOps workflows (ArgoCD)
• Strong understanding of authentication & security protocols:
  • OAuth 2.0, OIDC, PKCE
  • mTLS, DPoP, session management patterns
• Experience with Open Policy Agent (OPA) and Rego policy development
• Hands-on experience with observability tooling:
  • OpenTelemetry (traces, metrics, logs)
  • Dynatrace and Splunk SIEM
• Experience with data and messaging systems:
  • PostgreSQL (HA, pooling, PITR)
  • Kafka (MSK, Schema Registry, DLQ patterns)
• Familiarity with:
  • CDN/WAF platforms (Akamai, Cloudflare)
  • DNS routing (GeoDNS, GTM, health checks)
  • TLS lifecycle management (cert-manager, KMS/HSM)
• Strong foundation in networking (L3–L7), distributed systems, and algorithms
• Proven experience building high-throughput, low-latency, resilient systems

Preferred Qualifications

• Experience with TypeScript/React for internal tooling or dashboards
• Strong background in AWS services (EKS, MSK, Lambda, Direct Connect, Network Firewall)
• Familiarity with CI/CD pipelines (Bitbucket Pipelines, GitOps workflows)
• Experience with Continuous Access Evaluation Protocol (CAEP) or similar session revocation systems
• Background in identity platforms (ForgeRock, SAML, token exchange patterns)